chpasswd Command

Purpose

Changes password for users.

Syntax

chpasswd [ -R load_module ] [ -e ] [ -f flags | -c ]

Description

The chpasswd command administers users' passwords. The root user can supply or change users' passwords specified through standard input. Each line of input must be of the following format. 
username:password
Only root users can set passwords with this command.

By default, the chpasswd command sets the ADMCHG flag for the users. The -f option may be used with other valid flags to override the default. The -c option clears all password flags.

The password field can be cleartext or a value encrypted with the crypt algorithm. The -e option indicates that passwords are of encrypted format. Please note that all passwords in a batch must conform to the same format.

You can set LDAP user passwords in an ldap_auth environment by using the chpasswd command and specifying -R LDAP. However, when you specify the -e option for the encrypted format, the chpasswd command-crypted format and LDAP server-crypted format must match.

See the section "Administering a PowerHA® cluster" in the PowerHA SystemMirror Administration Guide, 7.1 or later, for a discussion of the behavior of this command in a PowerHA cluster.

Flags

Item Description
-c Clears all password flags.
-e Specifies that the passwords are of encrypted format.
-f flags Specifies the comma separated list of password flags to set. Valid flag values are: ADMIN, ADMCHG, and/or NOCHECK. Refer to the pwdadm command documentation for details about these values.
-R load_module Specifies the loadable I&A module used to change users' passwords.

Security

Access Control

Only root users should have execute (x) access to this command. The command should have the trusted computing base attribute.

Attention RBAC users and Trusted AIX® users: This command can perform privileged operations. Only privileged users can run privileged operations. For more information about authorizations and privileges, see Privileged Command Database in Security. For a list of privileges and the authorizations associated with this command, see the lssecattr command or the getcmdattr subcommand.

Examples

  1. To set passwords for users from the command line, type: 
    chpasswd
    Followed by entering username:password pairs, one pair per line. Enter CTRL+D when finished. 
    user1:passwd1
user2:passwd2
CTRL+D
  2. To set passwords for users contained in a file named mypwdfile, type the following: 
    cat mypwdfile | chpasswd
    Note that mypwdfile must contain username:password pairs; one pair per line. For example: 
    user1:passwd1
user2:passwd2
...

Files

Mode File Description
  /etc/user/bin/chpasswd Location of the chpasswd command.
rw /etc/passwd  
rw /etc/security/passwd  
r /etc/security/user